Consultant/Senior Consultant - Information Technology Risk Audit

Job Summary

As Risk Assurance Senior, you- ll contribute technically to Risk Assurance client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You- ll also identify potential business opportunities for the organization within existing engagements, and escalate these as appropriate. Similarly, you- ll anticipate and identify risks within engagements and share any issues with senior members of the team.

Client responsibilities

- Participate in Risk Assurance engagements

- Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on progress

- Help prepare reports and schedules that will be delivered to clients and other parties

- Develop and maintain productive working relationships with client personnel

- Build strong internal relationships within Advisory Services and with other services across the organization

People responsibilities

- Conduct performance reviews and contribute to performance feedback for staff

- Contribute to people-related initiatives including recruiting and retaining Risk Assurance professionals

- Maintain an educational program to continually develop personal skills of staff

- Understand and follow workplace policies and procedures

Requirements (including experience, skills and additional qualifications)

Technical skills requirements

- Preferably B.E/B.Tech (Electronics, Electronics & Telecommunications, Comp. Science)/MBA/M.Sc./CA with atleast a minimum of 3-6 years

- Knowledge and experience of a number of the following areas, and be developing deep experience and technical competence in at least one:

- Financial Audit IT Integration

- Service Organization Controls Reporting (SOCR - SSAE 16 // ISAE 3402) SOC 1, 2, & 3 Reporting

- IT assurance and compliance

- Depending upon your specific area(s) of focus, you- ll have additional skills and knowledge in:

- IT audit in the context of a financial audit, and related regulations, auditing standards and guidelines

- Control frameworks such as COSO, internal control principles and related regulations including SOX and J-SOX

- Internal audit services with a specific focus on IT, and related industry standards

- Common IT governance, control and assurance industry frameworks, including CObIT, RiskIT, ValIT, IT Governance Institute and ISACA good practices

- IT industry frameworks such as ITIL and CMM

- Third party reporting standards (particularly SSAE16), other reporting and industry specific standards and, if applicable, trust based standards such as SysTrust and WebTrust

- Security skills related to a broad range of operating systems, databases or security tools, e.g., UNIX, Linux, Windows 2000 and NT, firewalls and IDS systems

- Familiarity with IT analysis, delivery and operations methods, including SDLC and CMM

- Familiarity with security and risk standards such as ISO 27001-2, PCI DSS, NIST, ITIL, COBIT

- Experience of security testing methods and techniques including network, operating and application system configuration review

- Application controls and security experience:

- sensitive access and SoD testing

- controls testing

- Knowledge of data analysis tools like MS Excel, MS Access, MS SQL Server, ACL, Monarch, etc.

- Certifications: CISA

Additional requirements

- Demonstrated track record with a blue chip consulting organization and/or a blue chip organization

- Strong academic record including a degree